AMENDMENTS TO THE CLAIMS



This listing of claims replaces all prior versions and listings of the claims: 
Listing of Claims: 

1. (Currently Amended) In a system including a service that is accessed by
a user from one or more devices with varying input capabilities, a method for 
associating multiple credentials with a single user account such that the user may be 
authenticated with any one of the multiple credentials, the method comprising an 
authentication system performing acts of: 

receiving an authentication request at the authentication system from a
device, wherein credentials of the user are included in the authentication
request;

validating the credentials provided by the user, wherein the credentials 
are associated with a single unique user identifier of the user, a user account,
and a user profile;

receiving new credentials from the user, wherein the new credentials are 
associated with the same unique user identifier of the user, user account, and
user profile; and



storing the new credentials in a credential store of the authentication 
system such that the authentication system can authenticate the user to the 
service when the user provides any one of the multiple credentials associated 
with the user account; and 

providing, in response to the request, the unique user identifier and the 
user profile to the device. 

2. (Currently Amended) A method as defined in claim 1, wherein the
authentication system is a distributed authentication system, wherein the act of
receiving an authentication request at the authentication system further comprises an
act of determining where to send the credentials for validation. 






Application No. 10/020,470 

Amendment "A" dated July 2, 2007 

Reply to Non-Final Office Action mailed April 2, 2007 

3. (Original) A method as defined in claim 2, wherein the act of 
determining where to send the credentials for validation uses a username of the
credentials. 

4. (Currently Amended) A method as defined in claim 1, wherein the act 
of receiving new credentials from the user further comprises an act of symmetrically
associating the new credentials with a unique user identifier.



5. (Currently Amended) A method as defined in claim 4, wherein the act 
of symmetrically associating the new credential with a unique user identifier further
comprises an act of associating the new credentials with a user account. 

6. (Currently Amended) A method as defined in claim 4, wherein the act 
of symmetrically associating the new credential with a unique user identifier further 
comprises an act of caching a copy of the unique user identifier with the new 
credential. 

7. (Currently Amended) A method as defined in claim 1, wherein the act 
of receiving new credentials from the user further comprises an act of asymmetrically
associating the new credentials with a primary credential, wherein the primary
credential is stored in a primary store with the unique user identifier.

8. (Original) A method as defined in claim 1, further comprising one or
more of: 

a step for remembering which credential was received in the 
authentication request; 

a step for prompting the user for a more secure credential when the 
credentials received in the authentication request do not meet security 
requirements of the service; and 

a step for providing at least one security measure for each credential 
associated with the user account, wherein the user is not authenticated to a 
service if the security measure of a particular credential is breached or the user 
account is locked. 

9. (Currently Amended) In a system that includes multiple services that are
accessed by a user over a network such as the Internet, wherein the user accesses the
multiple services from one or more devices that have varying input capabilities, a 
method for accessing a service from a device, the method comprising acts of: 

providing multiple credentials to an authentication service system,
wherein each of the multiple credentials is associated with a user account, a
unique user identifier and a user profile that is maintained by the authentication
system;

requesting access to a service using a device included in the one or more 
devices, wherein the service requires that the user be authenticated before access 
to the service is granted to the user, wherein the device is redirected to the 
authentication system; 

selecting an access credential to send to the authentication system from 
the multiple credentials and entering the access credential in the device; 

issuing an authentication request to an authentication system, wherein 
the authentication request includes the access credential selected by the user; 

receiving an authentication response from the authentication system, 
wherein the authentication response includes [[a]] the unique user identifier that
authenticates the user to the service if the access credential is validated, the



sending an authenticated request to the service, wherein the authenticated 
request includes the unique user identifier and user profile such that access to
the service is obtained. 

10. (Original) A method as defined in claim 9, wherein the act of 
selecting an access credential to send to an authentication system from multiple 
credentials further comprises an act of selecting the access credential according to an
input capability of the device. 




also including the 



profile; and 

11. (Original) A method as defined in claim 10, wherein the access
credential is a numerical credential when the device has numerical input. 

12. (Currently Amended) A method as defined in claim 9, wherein the 
service requires a specific level of security, the method further comprising:

an act of requiring the user to provide a secure credential to the 
authentication system that is more secure that than the access credential; and

an act of providing the service with a level of security of the secure 
credential and of the access credential, wherein the service is unaware of both 
the selected credential and the secure credential. 

13. (Currently Amended) A method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing 
multiple credentials to an authentication service further comprises one or more of: 

a step for symmetrically associating the multiple credentials with [[a]] 
the unique user identifier, wherein the user identifier is cached with each of the multiple
credentials; 

a step for symmetrically associating the multiple credentials with a user 
account, wherein a user account is cached with each of the multiple credentials and 

an step for associating a security measure with each of the multiple 
credentials, wherein the user is not authenticated to a service if the security measure of 
a particular credential is breached or the user account is locked. 






14. (Currently Amended) A method as defined in claim 9, wherein the 
authentication system is a distributed system and wherein some of the multiple
credentials are stored on different credential stores, wherein the act of providing
multiple credentials to an authentication service further comprises an act of
asymmetrically associating the multiple credentials with a primary credential, wherein
the unique user identifier is stored with the primary credential.



15-21. (Cancelled) 

22. (Currently Amended) In an environment including a user that accesses
multiple services with one or more devices that have varying input capabilities, a
method for an authentication system to authenticate the user to each of the multiple
services, the method comprising the authentication system performing steps for:

receiving an access credential from the user, wherein the access
credential is associated with a user account that includes a user identifier and
wherein the access credential has a security level;

determining, from the access credential, a credential store that stores a
master credentials that is used to validate the access credential;

validating the access credential at the credential store with the master
credential;

A method as recited in claim 1, wherein the new credential has an 
associated security level and wherein the method further comprises:

associating the one or more new credentials credential with the user
account such that the user can be authenticated with both the access original
credential and the one or more new credential credentials. wherein each of the
one or more new credentials has a security level;

remembering the access credential that was provided by the user; and

prior to providing the response, and subsequent to receiving the
authorization request, prompting the user for a secure credential that is more
secure than the access original credential if the security level of the access
original credential is insufficient for a service being accessed by the user,
wherein the service is provided with the security level of both the access
original credential and the secure credential, but is not aware of either the
access original credential or the secure credential.

23. (Currently Amended) A method as defined in claim 22, wherein the step
for associating one or more the new credentials credential with the user account further
comprises a step for symmetrically associating the access original credential and the
one or more new credentials new credential with the user account, wherein the user
account is cached with each of the access original credential and the one or more new
credentials new credential.

24. (Currently Amended) A method as defined in claim 23, wherein the step 
for associating the new credential one or more new credentials with the user account
further comprises a step for asymmetrically associating the new credential one or more
new credentials with a primary credential, wherein the primary credential is associated
with the user account and wherein the primary credential is cached with each of the one

25. (Original) A method as defined in claim 22, further comprising a 
step for automatically authenticating the user at different services after the user has 
been authenticated at a first service. 

26. (Currently Amended) A method as defined in claim 22, wherein the 
access original credential is a numerical credential when the device has substantially a
preferred numerical input. 

27. (Currently Amended) In a system including a service that is accessed by
a user from one or more devices with varying input capabilities, a computer program 
product for implementing a method for associating multiple credentials with a user 
account such that the user may be authenticated with anyone of the multiple credentials, 
the computer program product comprising: 

a computer readable storage medium storing having computer readable
instructions for performing the method of claim 1. . the method comprising acts

receiving an authentication request at the authentication system
from a device, wherein credentials of the user are included in the
authentication request;

validating the credentials provided by the user, wherein the
credentials are associated with a user identifier;

receiving new credentials from the user, wherein the new
credentials are associated with a user identifier of the user; and

storing the new credentials in a credential store of the
authentication system such that the authentication system can
authenticate the user to the service when the user provides any one of the
multiple credentials..

28. (Currently Amended) A computer program product as defined in claim 
27, wherein the authentication system is a distributed authentication system, wherein 
the act of receiving an authentication request at the authentication system further
comprises an act of determining where to send the credentials for validation.

29. (Original) A computer program product as defined in claim 28,
wherein the act of determining where to send the credentials for validation uses a
username of the credentials.

30. (Currently Amended) A computer program product as defined in claim
27, wherein the act of receiving new credentials from the user further comprises an act
of symmetrically associating the new credentials with [[a]] the unique user identifier.

31. (Currently Amended) A computer program product as defined in claim 
30, wherein the act of symmetrically associating the new credential with [[a]] the 
unique user identifier further comprises an act of associating the new credentials with a
user account.

32. (Currently Amended) A computer program product as defined in claim 
30, wherein the act of symmetrically associating the new credential with [[a]] the 
unique user identifier further comprises an act of caching a copy of the unique user
identifier with the new credential. 

33. (Currently Amended) A computer program product as defined in claim 
27, wherein the act of receiving new credentials from the user further comprises an act
of asymmetrically associating the new credentials with a primary credential, wherein 
the primary credential is stored in a primary store with the unique user identifier. 

34. (Original) A computer program product as defined in claim 27,
further comprising acts of: 

remembering which credential was received in the authentication 
request; and 

prompting the user for a more secure credential when the credentials 
received in the authentication request are not sufficient for the service. 

35. (Currently Amended) In a system that includes multiple services that
are accessed by a user over a network such as the Internet, wherein the user accesses 
the multiple services from one or more devices that have varying input capabilities, a 
computer program product for implementing a method for accessing a service from a 
device, the computer program product comprising: 

a computer readable medium having computer executable instructions 
for performing the method of claim 9. . the method comprising acts of:

providing multiple credentials to an authentication service,
wherein each of the multiple credentials is associated with a user account
that is maintained by the authentication system;

requesting access to a service using a device included in the one
or more devices, wherein the service requires that the user be
authenticated before access to the service is granted to the user, wherein
the device is redirected to the authentication system;

selecting an access credential to send to the authentication system
from the multiple credentials and entering the access credential in the

issuing an authentication request to an authentication system,
wherein the authentication request includes the access credential
selected by the user;

receiving an authentication response from the authentication
system, wherein the authentication response includes a user identifier
that authenticates the user to the service if the access credential is
validated; and

sending an authenticated request to the service, wherein the
authenticated request includes the user identifier such that access to the
service is obtained.

36. (Original) A computer program product as defined in claim 35,
wherein the act of selecting an access credential to send to an authentication system
from multiple credentials further comprises an act of selecting the access credential
according to an input capability of the device.

37. (Original) A computer program product as defined in claim 36, 
wherein the access credential is a numerical credential when the device has numerical 
input. 

38. (Original) A computer program product as defined in claim 35, 
wherein the service requires a level of security, the method further comprising an act of 
providing a secure credential to the authentication system, wherein the secure 
credential is more secure than the access credential and wherein service is unaware of
both the selected credential and the secure credential. 

39. (Currently Amended) A computer program product as defined in claim 35,
wherein the authentication system is a distributed system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing multiple 
credentials to an authentication service further comprises one or more of: 

an act of symmetrically associating the multiple credentials with [[a]] the unique 
user identifier, wherein the unique user identifier is cached with each of the multiple 
credentials; and 

an act of symmetrically associating the multiple credentials with a user account, 
wherein a user account is cached with each of the multiple credentials. 

40. (Currently Amended) A computer program product as defined in claim 35, 
wherein the authentication system is a distributed system and wherein some of the multiple 
credentials are stored on different credential stores, wherein the act of providing multiple 
credentials to an authentication service further comprises an act of asymmetrically associating
the multiple credentials with a primary credential, wherein the unique user identifier is stored 
with the primary credential. 

41. (New) A method as defined in claim 1, wherein the same unique user identifier is
provided to the user regardless of the credentials received from the user.

42. (New) A method as defined in claim 1, wherein different credentials are required
from each of the one or more devices.

43. (New) A method as defined in claim 1, wherein providing the unique user 
identifier and the user profile to the device comprises sending a cookie containing the unique 
user identifier and the user profile to the device. 

44. (New) A method as defined in claim 1, wherein the user profile includes data
about the user comprising name, personal information, preferred language, preferences, and 
location. 